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‘aves Agenda 


¢ Wider sub-project 

¢ Research motivation 

¢ Literature review: Aims 

¢ Framework of graceful degradation 
¢ Literature review: Detailed findings 
¢ The operational envelope? 

¢ Conclusions & Implications 

¢ Next steps 
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UNIVERSITY management sub-project 


¢ Project Objective 
— Develop requirements and procedures to enable unimpeded gate-to-gate TBO that 
¢ Improves throughput, predictability, reduce delays, enables user-preferred 
trajectories by 

— Coordinating and managing traffic demand to available capacity across the NAS 
and 

— Synchronizing access to airspace, airport, and weather constraint bottlenecks 
across the NAS while 


— Maintaining safe, flexible and resilient operation 


¢ Supports ARMD Strategic Thrust 1 
— Safe, Efficient Growth in Global Operations 


¢ Key Barrier / Technical Challenge 
— Poorly coordinated constraint management across multiple facilities, systems, and 
different phases of flight 
— Gate-to-gate TBO that rely heavily on automation systems will be fragile to 
degradations in infrastructure or operational disruptions unless 


* they are designed properly upfront to handle the degraded state with reduced capability 
and then quickly and efficiently recover to full capacity 
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eee Research motivation 


¢ Trajectory based operations (TBO) is an instrumental 
concept in the NextGen initiative 


¢ In order for the TBO concept to be realized, there 
will be a “fundamental shift in ATM” (FAA, 2014): 
— Narrower tolerances (FAA, 2014) 
— More precise trajectories 
— Strategic vs tactical 

¢ System resilience is critical 
— TBO system must be able to gracefully degrade to 

maintain safe operations 

¢ Knowledge of the causes and mitigations of 

degradation in TBO must be understood 
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UNIVERSITY Literature review 
¢ Aims: 
— Identify causes of degradation in ATC and associated 
solutions 


— Identify the role of ATCOs in a gracefully degrading system 


— Develop a framework of graceful degradation from the 
literature 


¢ Expected outcomes 


— Identify causes of degradation and associated solutions 
applicable to TBO 


— Identify literature gaps and inform future research 


— Implications for ecologically valid understanding of 
graceful degradation of TBO systems 
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degradation 


Identification Prevention and mitigation of degradation: Post-degradation: | Output 


¢ Preventative measures to generate graceful degradation Recovery 
¢ Active at different stages 


Graceful 
Human Operator degradation 
(Air traffic 


System design Envrionment Human Operator Predominantly 
e.g. e.g. e.g. human operator 

* Fault tolerance Airspace design * Training 

* Redundancy Traffic flows * Human-centered Can be supported 
« Automation CONOPS interface design by all previous pre- 


Degradation cause 


System Environment 
fault or events 


failure controller) 


Procedures * Decision support degradation 
tools measures 
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Causes: System fault/ Ss 
failure 


¢ Widest range of literature 


¢ Primarily focuses on CNS ) 
— Failure can be full system or partial, such as specific sicenthins 


¢ Several categorizations documented, although no 
consistent agreement 


¢ Causes of hardware failure 
— Physical damage 
— Aging 
— Accidental/malicious interference 
¢ Software failure 
— Modelling errors 
— Integration of independent ATC software 


e Legacy technology and new technology 
¢ Technology with competing goals 
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(A r traff C 
controller) 


Human operator | 
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| Degradation cause 


e Airspace design z 
— Number and type of conflict points named | |p 
— Size of available airspace 
— Complexity can increase ATCO demand, which may put performance at 
greater risk 
¢ Imprecision/uncertainty 


¢ Off nominal events 
— Aircraft emergencies 
— Medical emergencies 
— Unexpected pilot actions 


¢ Weather 
— Widely researched 
— Leading cause of aircraft delay 
— Weather avoidance routes are pre-planned but real time updates limited 
— Consequences include manual vectoring, re-routing, delay and cancellations 


—- Controllers responsible for maintaining safe operations during these 
demanding situations 


(Air traffic 
controller) 


Human operator | 


failure 


_ Causes: Human operators Ss 
(ATCOs) 


e Least researched in graceful degradation domain 
— Human error literature in Human Factors domain 

¢ Human performance influencing factors 
— Task demand and high workload 
— Attention and perception errors 


Degradation cause 


— Communication errors 
— Procedural error 

¢ Human performance influencing factors resulting 
from use of automation (human-system interaction) 
— Underload 
— Trust 
— Design of automation — transparency and reliability 
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nANIvERSITY Identification 


¢ Required prior to prevention or mitigation 
¢ Techniques can be separated into: 
— Identifying potential causes prior to degradation 
— Identifying causes during live operations 
¢ Techniques prior to degradation include: 
— Incident and accident analysis 
— Causal modelling 
¢ Techniques of identification during live operations 
include: 
— System self-monitoring and self-identification 
— System communication to human operator 
— Human operator 
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System-related solutions _ 
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¢ Well-documented in the literature 


¢ Bertish et al. (2013) - 18 identified mitigations |:s"*"_ 
— 14/18 related to technology design and regulation “Automaton 


interface design 


¢ Hardware/software solutions [Storer | 
— Failure paths 
— Back up systems 
— Redundancy 


e Requirements- based solutions 
— Quality standards 
— Verification and validation 


¢ Technological solutions for environmental and human causes 
of degradation 
— Decision support systems 
— Automation 
— Tools to reduce uncertainty, such as enhanced weather prediction 


Achieving graceful degradation: sal 
Environmental solutions —__ 


e Literature primarily focuses on 
reducing complexity for ATCOs 

¢ Solutions are usually complex 
e Airspace redesign 

— Standard traffic flows 

— Flight follow features 

— More efficient reroutes 

— Reduction in complexity — reduction of risk of human error 
¢ Solutions to reduce uncertainty 

— CONOPS 

— Procedures 


Achieving eraceful degradation: Ss 


Controller 


¢ Contribution of ATCO to graceful | 
degradation is under-researched —rswmne rence 
¢ ATCOs maintain safe operations | —- 
through a high standard of performance 
¢ Dominant contribution post-degradation— recovery 
— Role is an on-line defense between safe and unsafe operations 
¢ Significant implications for TBO 
— System fault/failure when ATCOs are controlling more aircraft than 
they could without automation? 
— Framework supports breakdown of this issue 
¢ Need for human — systems integration to support graceful 
degradation in TBO 


— When do ATCOs reach safe limits of performance? 


“aves” The Operational envelope 


At edges, due to difficulty, 
complexity, overload etc. 
performance/safety may 
be temporarily 
compromised; but 
situation normally 
recovered before loss of 
separation event 


Normal operations: 
ATC is working 
effectively within this 
workload and 
scenario space 


Here a loss 
of separation 
will occur 
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wes” The Operational envelope 


At edges, due to difficulty, 
complexity, overload etc. 
performance/safety may 
be temporarily 
compromised; but * 
situation normally O pe rat Oona | 

recovered before loss of . 1 
effectively within this separation event maximum O pe rational 
workload and 


scenario space O pti mM U mM 


Normal operations: 
ATC is working 


Here a loss Tolerance 


of separation 
will occur 


Individual envelopes 
that interact to 
determine the overall 


system envelope 
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ves” CONClUSIONS & Implications 


¢ Findings 
— Causes of degradation and solutions categorized by systems, environment and 
human operators (ATCOs) 
— Solutions to degradation can be applied pre- or post-degradation 
— Most research on systems, least on role of the ATCO 


— Research dominantly considers ATCO to be responsible for maintenance of 
safe operations during degradation 


— Noconsideration in current literature of interactions between causes and 
solutions 


¢ Development of graceful degradation framework can be used to: 
— ldentify research gaps 
— ldentify causes of degradation and solutions 
— lIdentify interactions 
— Guide requirements for future research 
¢ Human-system interaction approach essential to achieve graceful 
degradation in TBO 


¢ Need to understand limits of system performance AND human 
performance 
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Next Steps 


e Literature review completed 
— Paper submitted and accepted to Aviation 2017 
e Aims of future work 
Identify causes of degradation in TBO 
Identify the limits of recovery for the human operator 


¢ Down selection of assumptions 

“Selection of use cases 

‘Initial understanding of recovery strategies 
‘Initial understanding of limits of recovery 


Cognitive walk- 
through 


¢ Identification of human envelope ‘limits’ 
¢ Investigation of human and system 
performance envelope interaction 

* Development of solutions to specific TBO 
issue to create graceful degradation 


Human in the 
loop 
simulations 


Future goal 


* Propose potential re-design of the system, 
Re-design of airspace, or human tasks/ procedures 
the system *Monitoring the situation prior to full 


breakdown 
eSupport the recovery phase 


Thank you! 
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